Hello again,
I found the solution, tomcat-users.xml was in the wrong directory. Thanks Julie. [EMAIL PROTECTED] on 04/30/2002 06:26:17 AM Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: Re: jdbc realm + form authenication setup Hello Thanks for the below info, I read the servlet spec and it helped, but I still can not get the form based authenication to work. I have attached the web.xml and tomcat-users.xml files, the welcome-file should be restricted, it does bring up the login page but then it displays the failed login page - is there still something wrong with this set up. Thanks Julie web.xml <welcome-file-list> <welcome-file>/assistant/restricted/test.htm</welcome-file> </welcome-file-list> <security-constraint> <web-resource-collection> <web-resource-name>Assistant</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/restricted/*</url-pattern> <http-method>POST</http-method> <http-method>GET</http-method> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>manager</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.htm</form-login-page> <form-error-page>/loginFailed.htm</form-error-page> </form-login-config> </login-config> <security-role> <role-name>manager</role-name> </security-role> tomcat-users.xml <tomcat-users> <user name="operate" password="operatethis" roles="manager" /> </tomcat-users> [EMAIL PROTECTED] on 04/29/2002 02:58:49 PM Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: Re: jdbc realm + form authenication setup Hi Julie, In your web.xml file if you specify auth-method FORM you have to give it two form names like so: <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.htm</form-login-page> <form-error-page>/loginFailed.htm</form-error-page> </form-login-config> You only use realm-name if you are using the BASIC authentication scheme. You have to provide the pages for form-login and form-error. In the login page you must have a form with action j_security_check, like so. <form name="login" method="post" action="j_security_check"> That form has to have a field called j_username and another called j_password. Does your Sybase driver info work without security? Also you may not want to digest your passwords until you get everything else working to eliminate that as the source of the error. To get details on setting up the web.xmlfile and server.xml files download the Servlet 2.3 specification from java.sun.com. It's fairly short and is in pdf format. Hope this helps, Rick ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 29, 2002 11:48 AM Subject: jdbc realm + form authenication setup > Hello > > I have been unable to set up jdbc realm with form authenication method. I > have the jsp, the server.xml and web.xml files configured but it doesn't > work - I am missing sometime but have not found a good resource to explain > exactly what this is. Does anybody have an example/know of a good > resource? Using Tomcat 4.0 and Sybase. > > in server.xml > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" > driverName="com.sybase.jdbc2.jdbc.SybDriver" digest="digest" connectionURL > ="jdbc:sybase:Tds:server:port/db?user=user&password=user" userTable=" > userTable" userNameCol="nameTable" userCredCol="user_pswd" userRoleTable =" > roles" roleNameCol="roleName"/> > > in web.xml > security-constraint> > <web-resource-collection> > <web-resource-name>Configuration</web-resource-name> > <!-- Define the context-relative URL(s) to be protected --> > <url-pattern>/assistant</url-pattern> > </web-resource-collection> > <auth-constraint> > <!-- Anyone with one of the listed roles may access this area --> > <role-name>operate</role-name> > </auth-constraint> > </security-constraint> > <login-config> > <auth-method>FORM</auth-method> > <realm-name>EBasic Authentication Area</realm-name> > </login-config> > > Thanks > Julie > > > This communication is for informational purposes only. It is not intended as > an offer or solicitation for the purchase or sale of any financial instrument > or as an official confirmation of any transaction. All market prices, data > and other information are not warranted as to completeness or accuracy and > are subject to change without notice. Any comments or statements made herein > do not necessarily reflect those of J.P. Morgan Chase & Co., its > subsidiaries and affiliates. > > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase & Co., its subsidiaries and affiliates. -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]> This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase & Co., its subsidiaries and affiliates. -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>